In a recent security advisory, Spring Security disclosed CVE-2024-38821, a critical vulnerability impacting WebFlux applications, with a CVSS severity score of 9.1. The flaw enables an “authorization bypass of static...
A new vulnerability, CVE-2024-22036, has been disclosed by the SUSE Rancher Security team, highlighting a critical flaw that enables remote code execution (RCE) in Rancher environments. Rated 9.1 on the...
A new report reveals a concerning number of security vulnerabilities affecting Sharp and Toshiba Tec multifunction printers (MFPs). These flaws could allow attackers to crash devices, steal sensitive information, bypass...
SafeBreach specialist Alon Leviev has discovered that attackers can exploit outdated Windows kernel components to bypass critical protections, such as Driver Signature Enforcement, enabling the installation of rootkits even on...
A severe security vulnerability has been identified in the Xlight SFTP server, a popular Windows-based FTP and SFTP solution designed for secure, high-performance file transfer. Designated as CVE-2024-46483, this pre-authentication...
A significant security vulnerability, CVE-2023-32197, has been identified in RKE2, Rancher’s Kubernetes distribution geared toward high-security environments, including the U.S. Federal Government. The vulnerability, rated with a high severity score...
The researcher published the technical details and proof-of-concept (PoC) exploit code for CVE-2024-9264 – a critical vulnerability in Grafana—an open-source, multi-platform analytics, and visualization tool widely adopted by organizations to...
Synology has released security updates to address critical vulnerabilities in Synology Photos and BeePhotos, its photo management applications for network-attached storage (NAS), and personal cloud storage devices, respectively. The vulnerabilities,...
The SUSE Rancher Security team has recently issued a high-severity advisory, CVE-2022-45157, warning users of a critical vulnerability affecting Rancher’s handling of vSphere’s Cloud Provider Interface (CPI) and Container Storage...
The SonicWall Capture Labs Threat Research Team has published an in-depth analysis of CVE-2024-38812, a critical heap-overflow vulnerability found in VMware vCenter Server. This vulnerability affects VMware vCenter Server version...
A recent report from Intrinsec, titled “China: Vulnerabilities as a Strategic Resource,” details how China systematically utilizes cybersecurity vulnerabilities as part of a broader national strategy. Through a dense legal...
Progress Software has disclosed a severe new vulnerability in its popular network monitoring solution, WhatsUp Gold, that exposes organizations to potential cyberattacks by allowing unauthorized access to user credentials. The...
Enable Security recently released a report detailing a newly discovered vulnerability in WebRTC, the open-standard technology enabling real-time communication between browsers. The vulnerability, termed the DTLS “ClientHello” Race Condition, exposes...
A critical authentication bypass vulnerability has been discovered in wpDiscuz, a widely used WordPress plugin with over 80,000 active installations. This vulnerability, tracked as CVE-2024-9488 and assigned a CVSSv3 score...
A newly disclosed vulnerability in Okta Verify for iOS could allow unauthorized access to user accounts, even if the user actively denies the authentication request. The flaw, tracked as CVE-2024-10327...
Support Securityonline.info site. Thanks!
